Fran:
You may need to 1) add a few lines of code in AuthCookie to make your error
code aware to other methods, and 2) have a dynamic login page that can
interpret the code. Alternatively, you may try AccessCookie I posted. :-)
In AccessCookie, you simply "return $error" from authenticate(), let login
page() catch the code and display corresponding instruction. I haven't
tested it in a frame set, but it should appear a login page with custom
instructions in the last window the user visited before the expiration time.
The user re-types login/password, then is redirected to the page he tried
before.
Peter Bi
----- Original Message -----
From: "Fran Fabrizio" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 17, 2002 3:01 PM
Subject: framesets/AuthCookie question
>
> I'm using AuthCookie and as some of you know, if it determines your
> session to be invalid it redirects to a login page instead by way of a
> FORBIDDEN response coupled with a custom error page.
>
> My app has a frameset (navigation on the left, and two data frames on
> the right). I know the evils of framesets, but in our case, it's the
> best way to present our particular data.
>
> What ends up happening is that if the session expires, AuthCookie
> displays the login page inside whatever frameset you were clicking in,
> while the other two remain on whatever they were on previously.
>
> I made a quick solution...I told AuthCookie that my login page was
> login.html. login.html had javascript which called /real/login (a
> mod_perl handler) and targeted it to the top frame. All is well and now
> the entire browser window gets cleared and replaced with the login page.
>
> However...I then thought it'd be neat to include on the /real/login page
> a message to tell them how they got there ("Your session has expired",
> "Your account has logged on from another location", "Invalid
> username/password combination", whatever...).
>
> At first I thought I could accomplish this by simply doing
> $r->notes('LOGINFAILMSG' => 'Your session has expired') if AuthCookie
> detected it to be thus, and then in my handler I could retrieve it and
> display it.
>
> However, it's failing of course because I added the extra redirection of
> the login.html w/ the javascript, which makes a round trip to the client
> and back, so it looks like a brand new request to mod_perl, thus, no
> notes() any more. Is there a solution to breaking out of the frameset
> AND propagating the reason for the logout to the /real/login page?
>
> I'd appreciate and and all ideas. Thanks!
>
> -Fran
>
>
>
